Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
[Question] Forcing libcurl to use hardware randomization
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Randall via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 5 Mar 2023 11:33:22 -0500
Hi Curl,
I have a curl built with OpenSSL. The built of OpenSSL uses hardware
randomization on the platform using _rdrand64(). When I use libcurl,
typically through git, I end up with an open to PRNGD, which is not
desirable. I'm wondering whether there is a configuration setting that I am
missing from curl to force this, or whether I should contribute code to
access the x86 hardware randomizer directly. There is no /dev/urandom or
/dev/random on this platform, aside from it being POSIX compliant. Curl is
configured as follows:
CFLAGS="-c99" CPPFLAGS="-D_XOPEN_SOURCE_EXTENDED=1 -WIEEE_float
-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/lib" ./configure
--with-ssl=/usr/local --with-ca-path=/usr/local/ssl/certs --disable-pthreads
--disable-threaded-resolver --enable-ipv6
Thanks in advance,
Randall
Date: Sun, 5 Mar 2023 11:33:22 -0500
Hi Curl,
I have a curl built with OpenSSL. The built of OpenSSL uses hardware
randomization on the platform using _rdrand64(). When I use libcurl,
typically through git, I end up with an open to PRNGD, which is not
desirable. I'm wondering whether there is a configuration setting that I am
missing from curl to force this, or whether I should contribute code to
access the x86 hardware randomizer directly. There is no /dev/urandom or
/dev/random on this platform, aside from it being POSIX compliant. Curl is
configured as follows:
CFLAGS="-c99" CPPFLAGS="-D_XOPEN_SOURCE_EXTENDED=1 -WIEEE_float
-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/lib" ./configure
--with-ssl=/usr/local --with-ca-path=/usr/local/ssl/certs --disable-pthreads
--disable-threaded-resolver --enable-ipv6
Thanks in advance,
Randall
-- Brief whoami: NonStop&UNIX developer since approximately UNIX(421664400) NonStop(211288444200000000) -- In real life, I talk too much. -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-03-05